You can only verify AVS and CVV when processing a credit card. So if you wish to verify this information before actually priocessing a valid sale you will need to do two transactions. The first will be an AUTH_ONLY for $0.00 so you can get the AVS and CVV results back (a transaction fee will aply for both Authnet and your merchant account provider). Then if they both match you can have your software go ahead and process the transaction. Keep in mind every time you verify their information you will get whacked for transaction fees so this could be a costly way of verifying this information. You might just be better off reviewing the transaction after the order is placed and if necessary call or reject the sale then.

We are trying to do the same thing mentioned here where we do an AVS before we process a real transaction.  Currently we are using the test server to make sure we can integrate our custom written system with Authorize.net using AIM.

When I test a "AUTH_ONLY" with a 0.00 dollar amount, I get back a response code of 3, sub code 1, response reason code 289 and reason text "This processor does not accept zero dollar authorization for this card type." and AVS Response of "P".  This is using the sample API codes test CC #4111111111111111.

Am I getting the AVS response of "P" and the not accepting zero dollar card because I am using the test server, or am I doing something wrong?  I also couldn't find a response reason code of 289 either.

So is there no other way to verify that the customer has enetered the correct CVC number with his card before transacting?  We have a problem were the customer is declined because of an invalid CVC but the transaction has been allocated with the credit card company and is waiting approval, locking up the credit on the customers credit card.  The CSR with the credit card company tells the customer that the transaction is pending, leading the customer to believe that we are still charging them,  and that amount of credit is not available for use.

Is there any way at all or is using the CVC more trouble than it is worth?  Why can't this be a cleaner handoff?

---

jrwallace96 wrote:

So is there no other way to verify that the customer has enetered the correct CVC number with his card before transacting?  

---

Not without doing some sort of transaction that performs a CVV check (AUTH_CAPTURE, AUTH_ONLY). Unfortunately this is how the credit card issuers/processors have it set up.

---

jrwallace96 wrote: 

Is there any way at all or is using the CVC more trouble than it is worth? 

---

 I personally don't believe rejecting a transaction based CVV is a good idea. It's only one of many factors that should be considered when determining the risk level of a transaction (and not a very robust one) and should be used accordingly. I recommend allowing transactions with invalid or incorrect CVV numbers to go through and reviwing them after the transaction is complete. If you think the order is suspicious, call the customer. If you think it is fraudulent do a void/refund. You're still protected and you don't lose any valueable customers whose only mistake was inputting the wrong CVV number. (Plus you save yourself a headache of trying to verify CVV ahead of time which is probably more time and effort then it is worth).

I'm still having trouble getting a "AUTH_ONLY" to work with a 0.00 dollar amount using the test cc #4111111111111111. 

Is is possible to run this type of transaction on the test server, using a test login?

Here is my sample code, taken from the VB Sample API and modified to write results back to a text box instead of a browser.  My login id and tran key have been removed from this example only.

        ' By default, this sample code is designed to post to our test server for
        ' developer accounts: https://test.authorize.net/gateway/transact.dll
        ' for real accounts (even in test mode), please make sure that you are
        ' posting to: https://secure.authorize.net/gateway/transact.dll
        Dim post_url
        post_url = "https://test.authorize.net/gateway/transact.dll"

        Dim post_values As New Dictionary(Of String, String)

        'the API Login ID and Transaction Key must be replaced with valid values
        post_values.Add("x_login", "<our test id>")
        post_values.Add("x_tran_key", "<our test tran key>")

        post_values.Add("x_delim_data", "TRUE")
        post_values.Add("x_delim_char", "|")
        post_values.Add("x_relay_response", "FALSE")

        post_values.Add("x_type", "AUTH_ONLY")   'AUTH_CAPTURE
        post_values.Add("x_method", "CC")
        post_values.Add("x_card_num", "4111111111111111")
        post_values.Add("x_exp_date", "0115")

        post_values.Add("x_amount", "0.00")
        post_values.Add("x_description", "Sample Transaction")

        post_values.Add("x_first_name", "John")
        post_values.Add("x_last_name", "Doe")
        post_values.Add("x_address", "1234 Street")
        post_values.Add("x_state", "WA")
        post_values.Add("x_zip", "98004")
        ' Additional fields can be added here as outlined in the AIM integration
        ' guide at: http://developer.authorize.net

        ' This section takes the input fields and converts them to the proper format
        ' for an http post.  For example: "x_login=username&x_tran_key=a1B2c3D4"
        Dim post_string As String = ""
        For Each field As KeyValuePair(Of String, String) In post_values
            post_string &= field.Key & "=" & field.Value & "&"
        Next

        post_string = post_string.Substring(0, post_string.Length - 1)
        'post_string = Left(post_string, Len(post_string) - 1)

        ' create an HttpWebRequest object to communicate with Authorize.net
        Dim objRequest As HttpWebRequest = CType(WebRequest.Create(post_url), HttpWebRequest)
        objRequest.Method = "POST"
        objRequest.ContentLength = post_string.Length
        objRequest.ContentType = "application/x-www-form-urlencoded"

        ' post data is sent as a stream
        Dim myWriter As StreamWriter = Nothing
        myWriter = New StreamWriter(objRequest.GetRequestStream())
        myWriter.Write(post_string)
        myWriter.Close()

        ' returned values are returned as a stream, then read into a string
        Dim objResponse As HttpWebResponse = CType(objRequest.GetResponse(), HttpWebResponse)
        Dim responseStream As New StreamReader(objResponse.GetResponseStream())
        Dim post_response As String = responseStream.ReadToEnd()
        responseStream.Close()

        ' the response string is broken into an array
        Dim response_array As Array = Split(post_response, post_values("x_delim_char"), -1)

        Dim Counter As Integer = 0
        For Each value As String In response_array
            Counter += 1
            LogTextBox.AppendText(Counter.ToString & " [" & value & "]" & vbCrLf)
        Next

        ' individual elements of the array could be accessed to read certain response
        ' fields.  For example, response_array(0) would return the Response Code,
        ' response_array(2) would return the Response Reason Code.
        ' for a list of response fields, please review the AIM Implementation Guide

You can get a developer account for testing.

I've been using the API Login and Transaction key from the e-mail I recieved some time ago titled  "RE: New Test Account Application"  when I applied for my test account.  The developer location you pointed to is the same location I used to apply for my test account.  These are the same correct?

I run the included test transaction and it runs fine, and I get a response.

Whenever I change the x_type to "AUTH_ONLY" and the x_amount to "0.00" as suggested to test AVS only, I get the following response: (I changed the address and zip also to see if it would fail AVS)

1 [3]
2 [1]
3 [289]
4 [This processor does not accept zero dollar authorization for this card type.]
5 []
6 [P]
7 [0]
8 []
9 [Sample Transaction]
10 [0.00]
11 [CC]
12 [auth_only]
13 []
14 [John]
15 [Doe]
16 []
17 [22 Street]
18 []
19 [WA]
20 [98005]

Thanks for the help so far.  Getting AVS only to work is the last piece we need to verify so we can move forward with Authorize.net since the transaction part worked flawlessly using the test code.

Hey jep,

To answer your question, you cannot currently submit a $0 amount using your test account. That's why you keep getting an error 289. There isn't currently a way to test $0 authorizations in the testing environment.

Thanks,

Michelle